Can someone please convert these iptables rules to IPFW?

# Allow Squid outbound access on port 8080 (Dansguardian)
iptables -t nat -A OUTPUT -p tcp -m tcp --dport 8080 -m owner --uid-owner squid -j ACCEPT

# Allow Squid outbound access on port 80
iptables -t nat -A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner squid -j ACCEPT

# Don't redirect root on port 80
iptables -t nat -A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner root -j ACCEPT

# Don't redirect root on port 3128 (Squid)
iptables -t nat -A OUTPUT -p tcp -m tcp --dport 3128 -m owner --uid-owner root -j ACCEPT

# Redirect all requests on port 80 to 8080 (Dansguardian)
iptables -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

# Accept requests on port 3128 from nobody (Dansguardian user)
iptables -t nat -A OUTPUT -p tcp -m tcp --dport 3128 -m owner --uid-owner nobody -j ACCEPT

# Redirect all other requests on port 3128 to 8080 to prevent users from getting around Dansguardian by going directly to Squid
iptables -t nat -A OUTPUT -p tcp -m tcp --dport 3128 -j REDIRECT --to-ports 8080

# Delete the NOTRACK rule that SuSEfirewall2 adds to the raw table of the OUTPUT chain
iptables -t raw -D OUTPUT -o lo -j NOTRACK

_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[email protected]"
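
One possible ipfw rendering of the seven nat/OUTPUT rules quoted above, as an added example that is not part of the original post and is not a tested configuration from the list. The rule numbers, the 127.0.0.1 forward target and the first_match helper are assumptions made for illustration; the SuSEfirewall2 NOTRACK deletion is Linux-specific and is left out.

```shell
#!/bin/sh
# Added example, not from the original post. Rule numbers and the
# 127.0.0.1 forward target are assumptions; "fwd" needs kernel support.
# ipfw is first-match, so the per-user exemptions precede each fwd rule.
# Unlike "-j ACCEPT" in the iptables nat table, "allow" also ends
# filtering for the packet, so place these after any deny rules you need.

ipfw_rules() {
    cat <<'EOF'
add 1000 allow tcp from me to any 8080 out uid squid
add 1010 allow tcp from me to any 80 out uid squid
add 1020 allow tcp from me to any 80 out uid root
add 1030 allow tcp from me to any 3128 out uid root
add 1040 fwd 127.0.0.1,8080 tcp from me to any 80 out
add 1050 allow tcp from me to any 3128 out uid nobody
add 1060 fwd 127.0.0.1,8080 tcp from me to any 3128 out
EOF
}

# Simplified first-match model of the list above (user names instead of
# numeric uids): prints "NUMBER ACTION" for the rule a local user's
# outbound TCP connection to DPORT would hit, or nothing if none match.
first_match() {
    fm_user=$1 fm_port=$2
    ipfw_rules | while read -r kw num action rest; do
        set -- $rest
        if [ "$action" = fwd ]; then shift; fi   # drop the fwd target
        owner=${9:-}                              # empty when no uid option
        if [ "$6" = "$fm_port" ] && { [ -z "$owner" ] || [ "$owner" = "$fm_user" ]; }; then
            echo "$num $action"
            break
        fi
    done
}

# "sh thisfile apply" loads the rules; without it nothing is changed.
if [ "${1:-}" = apply ]; then
    ipfw_rules | while read -r rule; do ipfw -q $rule; done
fi
```

Running first_match with an ordinary user name and port 3128 shows the bypass case from the post landing on the final fwd rule rather than reaching Squid directly.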
